Alberto Morando
May 27, 2017

Azure meets Terraform


Cloud computing is emerging rapidly and it is adopted by companies for achieving applications high Availability, Reliability, Maintainability. In the market, there are various cloud providers but three are the most used ones:

1.       Amazon Web Services (AWS)

2.       Microsoft Azure

3.       Google Cloud

In this blog series, we are exploring the above three cloud providers utilizing a Infrastructure as Code approach. Thus, we will use the services from the listed cloud providers and interact with them using Terraform tool.


Azure meets Terraform

In the first post of this blog series we use Microsoft Azure together with Terraform.

Microsoft Azure Account, Organizational Account, Azure Account and  Subscription Account

When creating a Microsoft Azure Account

1.       An Organizational Account is also created

2.       An Azure Account is Created

          - Sets Organizational Account as the Account Administrator for Azure Account

3.       A Subscription is Created

          - Sets Organizational Account as the Service Administrator for Subscription 

4.       An Azure Active Directory (AAD) is Created

          - Sets Organizational Account as the Global Administrator for AAD


What is relevant for us is understanding the presence of these accounts type. More info can be found in the Microsoft docs website. For our purpose, we need to be able to create a Microsoft Azure Account and to be able to access the Azure Active Directory for registering Terraform as application. Moreover, we need to give Terraform the necessary authorizations to be able to create and access Azure cloud services.


Terraform Microsoft Azure Provider

Among the different Terraform providers there is the Microsoft Azure. The information the Terraform needs for accessing the Azure services are listed in the provider



It is possible to access the above information in the Azure Portal following the Terraform instructions and Microsoft documentation or using a PowerShell script as described in the Microsoft doc web page


Create the Terraform Application on the Azure Active Directory

To be able to fully understand the meaning of the Terraform information (subscription_id, client_id, client_secret, tenant_id) and how to create them, we are using the Azure Portal and showing step by step the creation of them.

Register the Terraform Application

These are the steps for creating the information needed for Terraform to access Azure services:

1.       Login to the Azure Portal and click on the Azure Active Directory Service

  2.       Click the App registrations

 3.       Fill in the relevant information


 4. After creating it we can see details and we get the client_id = Application ID


5. Click on keys


6.  And add the key   

The client_secrets =  the Key Value

 7. Get the tenant_id. Click the Endpoint in the App registration list page


Therefore tenant_id = GUID from the OAUTH 2.0 AUTHORIZATION ENDPOINT


Set Terraform application authorization to access and create Azure services

The following steps are for creating the authorizations to the Terraform application for accessing and creating the Azure services

1.       assign the Terraform application a role in the subscription we want to use. Click on subscriptions

 2. Choose add command from the IAM section

  3.  Add the new IAM with role and choosing Terraform app

the result is

 Finally, we need the subscription_id from the subscription


Installing Terraform

Now we have all the information to be able to login to Azure with Terraform and create resources in Azure cloud provider. Before to do that, we need to install the Terraform: download it and unzip it into a separate install directory. It is an executable file and a PATH variable can be added for simplify its access.


Create the first Terraform file and create an Azure resource

After installing Terraform and creating the information for accessing the Azure services we are now ready for creating the first Terraform file



The access Azure and create a resource group. We run the “terraform plan” command and the result is

 The “plan” command shows the resource that will be created if we run the apply command. Let´s run “terraform apply” and the result is

And the resource group is created in the Azure cloud

Conclusion and Considerations

In this post, we have used Terraform for creating a resource in Azure cloud provider. First, we have showed how to give Terraform access to Azure services with a step by step instructions on the Azure portal. Secondly, we have created a minimal Terraform file for creating an Azure resource group. The setup we have made is the base for the following posts for creating more resource in Azure cloud provider using Terraform.